IN THE CLAIMS 



Please cancel claims 12-15. 



1 1. (Previously Presented) An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 first software residing in the memory and executed by the at least one processor, 

5 the first software including a first user registry that contains a first user identity for a 

6 selected user that is used to authenticate the selected user to the first software; 

7 second software residing in the memory and executed by the at least one 

8 processor, the second software including a second user registry that contains a second 

9 user identity for the selected user that is used to authenticate the selected user to the 

10 second software; and 

1 1 an identity mapping mechanism that provides a mapping between the first user 



12 identity and the second user identity. 

1 2. (Original) The apparatus of claim 1 wherein the first user registry comprises a user 

2 registry in a first processing environment. 

1 3. (Original) The apparatus of claim 2 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 



2 



1 4. (Original) The apparatus of claim 1 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service, where at least one entry includes the user identity 

8 mappings. 

1 5. (Original) The apparatus of claim 4 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 

1 6. (Original) The apparatus of claim 1 further comprising a global identifier residing in 

2 the memory that corresponds to the selected user, and wherein the mapping comprises a 

3 first correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 



3 



1 7. (Previously Presented) An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 first software residing in the memory and executed by the at least one processor, 

5 the first software including a first user registry containing a first plurality of user 

6 identities that are used to authenticate users to the first software; 

7 second software residing in the memory and executed by the at least one 

8 processor, the second software including a second user registry residing in the memory 

9 containing a second plurality of user identities that are used to authenticate users to the 

10 second software; 

1 1 a directory service that contains a plurality of user identity mappings that correlate 

12 a first user identity in the first user registry to a second user identity in the second user 

13 registry, and that references the first and second user registries; and 

14 schema for the directory service that specifies relationships between a plurality of 



15 entries in the directory service, where at least one entry includes the user identity 

16 mappings. 

1 8. (Original) The apparatus of claim 7 wherein the first user registry comprises a user 

2 registry in a first processing environment. 

1 9. (Original) The apparatus of claim 8 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 



1 10. (Original) The apparatus of claim 7 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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1 11. (Original) The apparatus of claim 7 further comprising a global identifier residing in 

2 the memory that corresponds to the selected user, and wherein the mapping comprises a 

3 first correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 

1 12-15. (Cancelled) 



5 



1 16. (Previously Presented) A method for managing a plurality of user identities on a 

2 plurality of computer systems coupled to a network, each user identity corresponding to a 

3 defined processing environment, the method comprising the steps of: 

4 providing an identity mapping mechanism that provides a mapping between a first 

5 user identity in a first user registry in first software and a second user identity in a second 

6 user registry in second software, wherein the first user identity is used to authenticate a 

7 selected user to the first software and the second user identity is used to authenticate the 

8 selected user to the second software; and 

9 invoking the identity mapping mechanism to determine the mapping between the 
1 0 first user identity and the second user identity. 

1 17. (Original) The method of claim 16 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service, where at least one entry includes the user identity 

8 mappings. 

1 18. (Original) The method of claim 17 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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1 19. (Previously Presented) A method for correlating a plurality of user identities on a 

2 plurality of computer systems coupled to a network, the method comprising the steps of: 

3 generating a global identifier corresponding to a user; 

4 mapping a first user identity in a first user registry in first software to the global 

5 identifier, wherein the first user identity is used to authenticate a selected user to the first 

6 software; and 

7 mapping a second user identity in a second user registry in second software to the 

8 global identifier, wherein the second user identity is used to authenticate the selected user 

9 to the second software. 
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1 20. (Previously Presented) A program product comprising: 

2 (A) an identity mapping mechanism that provides a mapping between: 

3 (Al) a first user identity for a selected user residing in a first user registry 

4 in first software, wherein the first user identity is used to authenticate a selected 

5 user to the first software; and 

6 (A2) a second user identity for the selected user residing in a second user 

7 registry in second software, wherein the second user identity is used to 

8 authenticate a selected user to the second software; and 

9 (B) computer-readable signal bearing media bearing the identity mapping 
10 mechanism. 

1 21. (Original) The program product of claim 20 wherein the signal bearing media 

2 comprises recordable media. 

1 22. (Original) The program product of claim 20 wherein the signal bearing media 

2 comprises transmission media. 

1 23. (Original) The program product of claim 20 wherein the first user registry comprises 

2 a user registry in a first processing environment. 

1 24. (Original) The program product of claim 23 wherein the second user registry 

2 comprises a user registry in a second processing environment that is different than the 

3 first processing environment. 
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1 25. (Original) The program product of claim 20 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service, where at least one entry includes the user identity 

8 mappings. 

1 26. (Original) The program product of claim 20 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 

1 27. (Original) The program product of claim 20 wherein the identity mapping mechanism 

2 provides a mapping between the first user identity and the second user identity by creating 

3 a global identifier that corresponds to the selected user, and by generating a first 

4 correlation between the first user identity and the global identifier and a second 

5 correlation between the second user identity and the global identifier. 
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1 28. (Previously Presented) A program product comprising: 

2 (A) a directory service that contains a plurality of user identity mappings that 

3 correlate a first user identity in a first user registry in first software to a second user 

4 identity in a second user registry in second software, and that references the first and 

5 second user registries, wherein the first user identity is used to authenticate a selected user 

6 to the first software and the second user identity is used to authenticate the selected user 

7 to the second software; and 

8 (B) schema for the directory service that specifies relationships between a 

9 plurality of entries in the directory service, where at least one entry includes the user 

1 0 identity mappings; and 

1 1 (C) computer-readable signal bearing media bearing the directory service and the 

12 schema. 

1 29. (Original) The program product of claim 28 wherein the signal bearing media 

2 comprises recordable media. 

1 30. (Original) The program product of claim 28 wherein the signal bearing media 

2 comprises transmission media. 

1 31. (Original) The program product of claim 28 wherein the first user registry comprises 

2 a user registry in a first processing environment. 

1 32. (Original) The program product of claim 31 wherein the second user registry 

2 comprises a user registry in a second processing environment that is different than the 

3 first processing environment. 

1 33. (Original) The program product of claim 28 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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34. (Original) The program product of claim 28 wherein the plurality of user identity 
mappings each comprise a mapping between the first user identity and a global identifier 
that corresponds to the selected user, and a mapping between the global identifier and the 
second user identity. 
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STATUS OF THE CLAIMS 



Claims 1-34 were originally filed in this patent application. In the Amendment 
filed on 12/02/04, claims 1, 7, 16, 19, 20 and 28 were amended. In the pending office 
action, claims 12-15 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
U.S. Patent No. 5,764,745 to Chan et al. (hereinafter "Chan"). Claims 1-1 1 and 16-34 
were rejected under 35 U.S.C. §103(a) as being unpatentable over U.S. Patent 
Application Publication 2002/0093857 to Cole. No claim was allowed. In this 
amendment, claims 12-15 have been cancelled. Claims 1-11 and 16-34 are currently 
pending. 
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